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Amendments to the Claims: 

This listing of claims will replace all prior versions, and listings, of claims in the 
application. Please amend the claims as follows: 

Listing of Claims: 

1 . (Previously Presented) An enterprise network architecture, comprising: 
a first network system including a plurality of_first network system domains; 

a second network system including a plurality of-second network system domains, the 
second network system being autonomous from the first network system such that the first 
network system domains are administratively independent from the second network system 
domains; and 

a trust link between a first network system root domain and a second network system root 
domain, the trust link configured to provide transitive resource access between the plurality of 
first network system domains and the plurality of second network system domains where the 
transitive resource access includes remote authentication such that an account managed by the 
second network system initiates a request for authentication via a first network system domain, 
and where it is determined from the trust link where to communicate the account request. 

2. (Previously Presented) An enterprise network architecture as recited in claim 1, 
wherein: 

the first network system root domain is configured for communication with the plurality 
of first network system domains; 

the second network system root domain is configured for communication with the 
plurality of second network system domains; and 

the trust link is further configured to provide transitive security associations between the 
plurality of first network system domains and the plurality of second network system domains. 
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3. Canceled 

4. (Original) An enterprise network architecture as recited in claim 1 , wherein the 
transitive resource access includes the remote authentication to access a resource managed in the 
second network system, such that the account managed by the second network system can 
initiate the request for authentication to access the resource via the first network system domain. 

5. (Original) An enterprise network architecture as recited in claim 1, wherein: 
the first network system domain includes a first domain controller; 

a second network system domain includes a second domain controller; and 
the account managed by the second domain controller can initiate the request for remote 
network authentication via the first domain controller. 

6. (Original) An enterprise network architecture as recited in claim 1, wherein: 
the first network system domain includes a first domain controller; 

a second network system domain includes a second domain controller; and 
the account managed by the second domain controller can initiate the request for 
authentication to access a resource managed in the second network system, the request for 
authentication communicated from the first domain controller to the second network system via 
the trust link. 

7. (Previously Presented) An enterprise network architecture as recited in claim 1, 
wherein: 

the first network system root domain is configured for communication with the plurality 
of first network system domains, an individual first network system domain including a first 
domain controller; 

the second network system root domain is configured for communication with the second 
network system domains, an individual second network system domain including a second 
domain controller; and 
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the account managed by the second domain controller can initiate the request for 
authentication to access a resource managed by the second domain controller, the request for 
authentication communicated from the first domain controller to the second domain controller 
via the first network system root domain, the trust link, and the second network system root 
domain. 

8. (Original) An enterprise network architecture as recited in claim 1, wherein the trust 
link is a one-way trust link initiated by an administrator of the first network system, and wherein 
the account in the second network system can access resources in the first network system. 

9. (Original) An enterprise network architecture as recited in claim 1 , wherein the trust 
link is a one-way trust link initiated by an administrator of the first network system, the one-way 
trust link configured to provide transitive resource access from the second network system 
domains to the first network system domains. 

10. (Original) An enterprise network architecture as recited in claim 1, wherein the trust 
link is a two-way trust link initiated by a first network system administrator and by a second 
network system administrator, and wherein the transitive resource access is automatically 
configured when the trust link is established. 

1 1 . (Original) An enterprise network architecture as recited in claim 1 , wherein the first 

network system is configured to determine from the trust link where to communicate a request 
for a resource, the request received from the account managed in the first network system and the 
resource maintained by the second network system. 

12. Canceled 

1 3 . (Original) An enterprise network architecture as recited in claim 1 , wherein the first 
network system is configured to receive a request to logon to the second network system and 
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determine from the trust link where to communicate the request, and wherein the second network 
system is configured to authenticate the request. 

14. (Original) An enterprise network architecture as recited in claim 1, wherein the trust 
link is a data structure configured to maintain namespaces corresponding to trusted network 
system domain components. 

15. (Original) An enterprise network architecture as recited in claim 1, wherein the trust 
link includes a first network system data structure and a second network system data structure, 
the first network system data structure configured to maintain trusted namespaces corresponding 
to the second network system, and the second network system data structure configured to 
maintain trusted namespaces corresponding to the first network system. 

16. (Original) An enterprise network architecture as recited in claim 1, wherein the trust 
link is a data structure configured to maintain namespaces corresponding to the second network 
system, and wherein the first network system is configured to: 

maintain the data structure; and 

automatically designate which of the namespaces are trusted by the first network system. 

17. (Original) An enterprise network architecture as recited in claim 1, wherein the trust 
link is a data structure maintained by the first network system, the data structure configured to 
maintain namespaces corresponding to trusted second network system domain components, and 
the trusted second network system domain components being designated as trusted by a first 
network system administrator. 

18. (Original) An enterprise network architecture as recited in claim 1, wherein the trust 
link is a data structure maintained by the first network system, the data structure configured to 
maintain trusted namespaces corresponding to the second network system, and wherein the first 
network system is configured to receive a request to logon to the second network system and 
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determine from the trusted namespaces where to communicate the request. 

19. Canceled 

20. Canceled 

21. (Previously Presented) An enterprise network architecture as recited in claim 1, 
wherein the first network system is configured to: 

receive an account request to logon to the second network system; and 
provide a security identifier to the second network system, the security identifier 
corresponding to the account. 

22. (Original) An enterprise network architecture as recited in claim 1, wherein: 
the first network system is configured to determine from the trust link where to 

communicate a service account request to access a resource maintained by the second network 
system; 

the first network system is further configured to provide a security identifier to the second 
network system, the security identifier corresponding to a user account maintained by the first 
network system; and 

the second network system is configured to determine from the trust link whether to trust 
the security identifier to authorize the service account request. 

23. (Original) An enterprise network architecture as recited in claim 1, wherein the trust 
link is a data structure maintained by the first network system, the data structure configured to 
maintain trusted namespaces corresponding to the second network system, and wherein the first 
network system is configured to: 

determine from the trusted namespaces where to communicate a logon request received 
from the account managed in the second network system; and 
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provide a security identifier to the second network system, the security identifier 
corresponding to the account. 



24. (Original) An enterprise network architecture as recited in claim 1, wherein the trust 
link is a data structure maintained by the first network system, the data structure configured to 
maintain trusted namespaces corresponding to the second network system, and wherein: 

the first network system is configured to determine from the trusted namespaces where to 
communicate a service account request to access a resource maintained by the second network 
system; 

the first network system is further configured to provide a security identifier to the second 
network system, the security identifier corresponding to a user account maintained by the first 
network system; and 

the second network system is configured to determine from the trusted namespaces 
whether to trust the security identifier to authorize the service account request. 

25. Canceled. 

26. Canceled. 

27. Canceled. 

28. Canceled. 

29. Canceled. 

30. Canceled. 

3 1 . Canceled. 
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32. (Previously Presented) A network system domain, comprising: 

a root domain controller communicatively linked with a plurality of network system 
domains in a first network system; and 

a trusted domain component configured to define a trust link between the root domain 
controller and a second network system root domain controller, the second network system root 
domain controller communicatively linked with a plurality of second network system domains 
that are administratively independent from the first network system domains, and the trust link 
being configured to provide transitive resource access between the first network system domains 
and the second network system domains, the trusted domain component being further configured 
to provide remote network authentication such that an account managed by a second network 
system domain initiates a request for authentication via a first network system domain, and 
where it is determined from the trust link where to communicate the account request and to 
authenticate the request via the trust link. 

33. (Original) A network system domain as recited in claim 32, wherein the root domain 
controller is configured to create the trusted domain component when the trust link is initiated. 

34. (Original) A network system domain as recited in claim 32, wherein the root domain 
controller is configured to establish the transitive resource access between the first network 
system domains and the second network system domains when the trust link is initiated. 

35. (Original) A network system domain as recited in claim 32, wherein the trusted 
domain component defines a one-way trust link from the root domain controller to the second 
network system root domain controller. 

36. Canceled 
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37. (Original) A network system domain as recited in claim 32, wherein the trusted 
domain component is further configured to provide the remote network authentication to access a 
resource managed by the second network system domain, such that the account managed by the 
first network system domain can initiate a request to access the resource, the request 
communicated from the root domain controller to the second network system root domain 
controller via the trust link. 

38. (Original) A network system domain as recited in claim 32, wherein the root domain 
controller is configured to determine from the trusted domain component where to communicate 
the request for authentication received from the account managed by the second network system 
domain. 

39. (Original) A network system domain as recited in claim 32, wherein the trusted 
domain component is configured to indicate where to communicate the request for authentication 
received from the account managed by the second network system domain. 

40. (Original) A network system domain as recited in claim 32, wherein the root domain 
controller is configured to determine from the trusted domain component where to communicate 
a request for a resource, the request received from the account managed by the second network 
system domain and the resource maintained by the second network system domain. 

41 . (Original) A network system domain as recited in claim 32, wherein the root domain 
controller is configured to receive a request to logon to the second network system domain, and 
determine from the trusted domain component to communicate the request to the second network 
system root domain controller via the trust link. 

42. (Original) A network system domain as recited in claim 32, wherein the trusted 
domain component is a data structure configured to maintain trusted namespaces corresponding 
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to the second network system. 

43. (Original) A network system domain as recited in claim 32, wherein the trusted 
domain component is a data structure configured to maintain namespaces corresponding to 
trusted second network system domain components. 

44. (Original) A network system domain as recited in claim 32, wherein the trusted domain 
component is a data structure configured to maintain namespaces corresponding to the second 
network system, and wherein the root domain controller is configured to maintain the data 
structure and automatically designate which of the namespaces are trusted by the first network 
system. 

45. (Original) A network system domain as recited in claim 32, wherein the trusted 
domain component is a data structure maintained by the root domain controller, the data 
structure configured to maintain namespaces corresponding to the second network system, and 
the namespaces being designated as trusted by a network system administrator. 

46. (Previously Presented) A network system domain as recited in claim 32, wherein 
the trusted domain component is a data structure maintained by the root domain controller, the 
data structure configured to maintain trusted namespaces corresponding to the plurality of second 
network system domains, and wherein the root domain controller is configured to receive a 
request to logon to the second network system and determine from the trusted namespaces where 
to communicate the request. 

47. (Original) A network system domain as recited in claim 32, wherein the trusted 
domain component is a data structure configured to maintain trusted namespaces corresponding 
to the second network system, and wherein the root domain controller is configured to determine 
from the trusted namespaces where to communicate a request for a resource, the request received 
from an account managed by the root domain controller and the resource maintained by a second 
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network system domain. 

48. (Original) A network system domain as recited in claim 32, wherein: 

the trusted domain component is a data structure configured to maintain trusted 
namespaces corresponding to the second network system; 

the root domain controller is configured to determine from the trusted namespaces where 
to communicate a request for a resource, the request received from an account managed by the 
root domain controller and the resource maintained by a second network system domain; and 

the second network system is configured to authorize the request for the resource. 

49. (Original) A network system domain as recited in claim 32, wherein the root domain 
controller is configured to: 

receive an account request to logon to a second network system domain; 
determine from the trusted domain component where to communicate the account 
request; and 

provide a security identifier to the second network system domain controller, the security 
identifier corresponding to the account. 

50. (Original) A network system domain as recited in claim 32, wherein the trusted 
domain component is a data structure maintained by the domain controller, the data structure 
including trusted namespaces corresponding to the second network system, and wherein the root 
domain controller is configured to: 

determine from the trusted namespaces where to communicate a logon request received 
from an account managed by a second network system; and 

provide a security identifier to the second network system domain controller, the security 
identifier corresponding to the account. 



51 . (Currently amended) A method p e rform e d by a first network system domain controller^ 
the performing a method comprising: 
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establishing a trust link with a second network system domain controller to provide 
transitive resource access between domains in a first network system and domains in a separate, 
autonomous second network system; 

receiving an authentication request from an account managed by a domain in the second 
network system; and 

determining from the trust link where to communicate the request and to authenticate the 
request via the trust link. 

52. (Previously Presented) The method as recited in claim 51, wherein establishing the 
trust link comprises: 

receiving network system identifiers corresponding to the second network system; 
creating a data structure to maintain the network system identifiers; and 
designating which of the network system identifiers to trust. 

53. (Previously Presented) Xhe_method as recited in claim 51, wherein establishing the 
trust link comprises: 

receiving namespaces corresponding to the second network system; 
creating a data structure to maintain the namespaces; and 
designating which of the namespaces to trust. 

54. (Previously Presented) The_method as recited in claim 5 1 , wherein establishing the 
trust link comprises: 

receiving network system identifiers corresponding to the second network system; 
creating a data structure to maintain the network system identifiers; 
determining whether to trust an individual network system identifier; and 

designating in the data structure whether to trust the individual network system identifier. 

55. (Previously Presented) The_method as recited in claim 51, wherein establishing the 
trust link comprises: 
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receiving namespaces corresponding to the second network system; 
creating a data structure to maintain the namespaces; 
determining whether to trust an individual namespace; and 

designating in the data structure whether to trust the individual namespace. 

56. (Previously Presented) The method as recited in claim 5 1 , wherein establishing the 
trust link comprises: 

receiving network system identifiers corresponding to the second network system; 
comparing a received network system identifier with existing network system identifiers 
to determine whether to accept the received network system identifier; and 

creating a data structure to maintain accepted network system identifiers. 

57. (Previously Presented) The method as recited in claim 51, wherein establishing the 
trust link comprises: 

receiving namespaces corresponding to the second network system; 

comparing a received namespace with existing namespaces to determine whether to 
accept the received namespace; and 

creating a data structure to maintain accepted namespaces. 

58. (Previously Presented) The method as recited in claim 51, wherein establishing the 
trust link comprises receiving network system identifiers corresponding to the second network 
system and designating which of the network system identifiers to trust, and wherein determining 
comprises comparing a component of the request with the network system identifiers to 
determine that the account is managed in the second network system. 

59. (Previously Presented) The method as recited in claim 51, further comprising 
providing a security identifier corresponding to the account to the first network system domain 
controller, the first network system domain controller comparing the security identifier with 
stored network system identifiers to determine whether the security identifier is valid. 
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60. (Currently amended) A m e thod performed by a first network system domain controller^ 
the performing a method comprising: 

establishing a trust link with a second network system domain controller to provide 
transitive resource access between domains in a first network system and domains in a separate, 
autonomous second network system; 

receiving a resource request from an account managed by the first network system 
domain controller; 

determining from the trust link where to communicate the resource request_; and 
communicating the resource request to the second network system domain controller via 
the trust link. 

61. (Previously Presented) The method as recited in claim 60, wherein establishing 
the trust link comprises: 

receiving network system identifiers corresponding to the second network system; 
creating a data structure to maintain the network system identifiers; and 
designating which of the network system identifiers to trust. 

62. (Previously Presented) The method as recited in claim 60, wherein establishing 
the trust link comprises: 

receiving namespaces corresponding to the second network system; 
creating a data structure to maintain the namespaces; and 
designating which of the namespaces to trust. 

63. (Previously Presented) The method as recited in claim 60, wherein establishing the 
trust link comprises receiving network system identifiers corresponding to the second network 
system and designating which of the network system identifiers to trust, and wherein determining 
comprises comparing a component of the request with the network system identifiers to 
determine that the resource is managed in the second network system. 
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64. (Previously Presented) The method as recited in claim 60, further comprising 
providing a security identifier corresponding to the account to the first network system domain 
controller, the first network system domain controller comparing the security identifier with 
stored network system identifiers to determine whether the security identifier is valid. 

65. (Previously Presented) One or more computer-readable media comprising 
computer-executable instructions that, when executed, direct a first network system domain 
controller to perform a method comprising: 

establishing a trust link with a second network system domain controller to provide 
transitive resource access between domains in a first network system and domains in a separate, 
autonomous second network system; 

receiving a resource request from an account managed by a domain controller in the 
second network system; 

determining from the trust link_to communicate the resource request to the second 
network system; and 

communicating the resource request to the second network system domain controller via 
the trust link. 

66. (Original) One or more computer- readable media as recited in claim 65, wherein 
establishing the trust link comprises: 

receiving network system identifiers corresponding to the second network system; 
creating a data structure to maintain the network system identifiers; and 
designating which of the network system identifiers to trust. 

67. (Previously Presented) One or more computer-readable media comprising 
computer- executable instructions that, when executed, direct a domain controller in a first 
network system to perform a method comprising: 
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requesting network system identifiers corresponding to a second network system to create 
a trust link between the first network system and the second network system, the second network 
system being autonomous from the first network system; 

the trust link configured to provide transitive resource access between the plurality of 
first network system domains and the plurality of second network system domains; 

determining whether to accept the network system identifiers; 

designating accepted network system identifiers as trusted with trust indicators; 

creating a data structure to maintain the accepted network system identifiers and 
corresponding trust indicators; 

receiving a resource request from an account managed by the first network system 
domain controller; 

determining from the trust link where to communicate the resource request; and 
communicating the resource request via the trust link. 

68. (Original) One or more computer- readable media as recited in claim 67, wherein 
determining comprises comparing an individual network system identifier with existing network 
system identifiers and rejecting the individual network system identifier if it is a duplicate of an 
existing network system identifier. 

69. (Original) One or more computer-readable media as recited in claim 67, the method 
further comprising: 

receiving an authentication request to logon to a domain in the second network system; 
comparing a component of the authentication request with the network system identifiers; 

and 

communicating the authentication request to the second network system if the component 
corresponds to a trusted network system identifier. 



70. (Currently amended) A m e thod of op e rating a domain controller in a first network 
system performing a method comprising: 
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receiving a security identifier from a domain controller in a second network system via a 
trust link, the security identifier corresponding to an account managed by the second network 
system; 

the trust link configured to provide transitive resource access between the plurality of 
first network system domains and the plurality of second network system domains; 
determining whether the security identifier is valid; 

trusting the account corresponding to the security identifier if the security identifier is 
determined to be valid; 

receiving a resource request from an account managed by the first network system 
domain controller; 

determining from the trust link where to communicate the resource request; and 
communicating the resource request via the trust link. 

71 . (Previously Presented) The method as recited in claim 70, wherein determining 
comprises comparing the security identifier with network system identifiers and determining that 
the security identifier is valid if it matches a component of a network system identifier. 

72. (Previously Presented) The method as recited in claim 70, wherein determining 
comprises comparing the security identifier with stored network system identifiers and 
determining that the security identifier is valid if it matches a component of a network system 
identifier, the network system identifiers received from the second network system and 
designated as being trusted when the trust link is initiated. 

73. (Previously Presented) The method as recited in claim 70, wherein the security 
identifier corresponds to a security principal managed by the domain controller in the second 
network system. 
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74. (Original) One or more computer-readable media comprising computer-executable 

instructions that, when executed, direct a computing system to perform the method of claim 70. 
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